Model: 2011UiAS
OS: 6.42.7
I need to set up a MikroTik site-to-site VPN against a Cisco ASA.
- There are other types with IPsec VPN on the Cisco, but I can't get the MikroTik to work.
- The monitor shows the VPN as up, but there is no traffic.
local network 172.21.221.0/24 Peer: 62.101.215.150
Remote network 10.239.23.224/32 Peer: 31.185.29.2
Configuration:
# Label the physical ports: ether1 is the WAN uplink, ether2 the LAN side.
# The SFP cage is disabled.
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
set [ find default-name=sfp1 ] disabled=yes
# Phase 2 (ESP) proposal referenced by the site-to-site policy: 3DES only, 8 h SA lifetime.
# auth-algorithms and pfs-group are not in the export, so they sit at the RouterOS defaults
# (presumably sha1 and modp1024 on v6 - confirm with "/ip ipsec proposal print detail").
# The ASA transform set and its PFS setting have to match these exactly.
# NOTE(review): 3DES is a legacy 64-bit block cipher; prefer AES here if the ASA side can be
# changed at the same time.
/ip ipsec proposal
add enc-algorithms=3des lifetime=8h name=SP_Proposal
# Router addresses: the LAN gateway on ether2, a disabled former WAN address,
# and the active WAN address on ether1 (also used as the local IPsec endpoint).
/ip address
add address=172.21.221.1/24 interface=ether2 network=172.21.221.0
add address=176.10.227.90/29 disabled=yes interface=ether1 network=176.10.227.88
add address=62.101.215.150/30 interface=ether1 network=62.101.215.148
# DHCP parameters handed to LAN clients: the router is gateway and first DNS server,
# with 8.8.8.8 as second resolver. The option set "Opsjon-sett" is referenced here
# but its definition is not part of this export.
/ip dhcp-server network
add address=172.21.221.0/24 dhcp-option-set=Opsjon-sett dns-server=172.21.221.1,8.8.8.8 gateway=172.21.221.1 ntp-server=129.240.2.6
# allow-remote-requests=yes turns the router into a DNS resolver for clients (the DHCP
# network above hands out 172.21.221.1 as DNS server).
# NOTE(review): the filter section of this export has no input-chain rule limiting
# UDP/TCP 53 to the LAN, so the resolver looks reachable from ether1 (WAN) as well,
# i.e. an open resolver. Restrict port 53 on chain=input to ether2 / 172.21.221.0/24
# unless that filtering is done elsewhere.
/ip dns
set allow-remote-requests=yes servers=54.76.198.100,52.28.79.14
# Address list "internt" holding the LAN subnet. No rule shown in this export
# references the list.
/ip firewall address-list
add address=172.21.221.0/24 list=internt
# Every rule here is an accept and no drop rule is shown in any chain. RouterOS accepts
# packets that match no rule, so as exported this filter restricts nothing: these rules
# alone would not block tunnel traffic, and the router's input chain is unfiltered from
# the WAN side too.
# NOTE(review): if drop rules are added later, accept the tunnel traffic with the
# ipsec-policy=in,ipsec matcher so that packets claiming src 10.239.23.224 are only
# accepted when they really arrived through the tunnel.
/ip firewall filter
# Return traffic in both directions between the remote host and the LAN; only matches
# connections that are already tracked (established/related), never the first packet.
add action=accept chain=forward connection-state=established,related dst-address=172.21.221.0/24 src-address=10.239.23.224
add action=accept chain=forward connection-state=established,related dst-address=10.239.23.224 src-address=172.21.221.0/24
# chain=input only sees packets addressed to the router itself; 10.239.23.224 is not an
# address of this router in the export, so this rule presumably never matches.
add action=accept chain=input connection-state=established,related dst-address=10.239.23.224 src-address=172.21.221.0/24
# Disabled logging rule for LAN -> 10.239.23.0/24. Note it names the whole /24, while the
# IPsec policy only covers the single host 10.239.23.224/32.
add action=accept chain=forward disabled=yes dst-address=10.239.23.0/24 log=yes src-address=172.21.221.0/24
/ip firewall nat
# NAT exemption for the tunnel: LAN -> remote host leaves srcnat untranslated. It must stay
# above the masquerade rules, otherwise the source becomes the WAN address and the packet
# no longer matches the IPsec policy (src 172.21.221.0/24).
add action=accept chain=srcnat dst-address=10.239.23.224 src-address=172.21.221.0/24
# Masquerade for LAN traffic. No out-interface is set, so it applies on whatever interface
# the packet leaves through. NOTE(review): consider out-interface=ether1 to scope it to
# the WAN uplink.
add action=masquerade chain=srcnat src-address=172.21.221.0/24
# Masquerade for two further source networks; neither 10.10.10.0/24 nor 192.168.100.0/24
# is configured on an interface in this export. The second rule again lacks out-interface.
add action=masquerade chain=srcnat out-interface=ether1 src-address=10.10.10.0/24
add action=masquerade chain=srcnat src-address=192.168.100.0/24
# Both notrack rules are disabled. If enabled, tunnel traffic in either direction would
# skip connection tracking, and the connection-state=established,related filter rules
# would then no longer match it (untracked packets carry neither state).
/ip firewall raw
add action=notrack chain=prerouting disabled=yes dst-address=172.21.221.0/24 src-address=10.239.23.224
add action=notrack chain=prerouting disabled=yes dst-address=10.239.23.224 src-address=172.21.221.0/24
# Phase 1 (IKE) peers. No secret= or certificate appears on either entry; presumably the
# export was made with hide-sensitive or the value was removed before posting.
/ip ipsec peer
# Wildcard responder: accepts IKE from any source address and, through
# generate-policy=port-override, installs policies from the template for whatever the
# remote side proposes. It still offers 3des and modp1024.
# NOTE(review): if this entry is not needed (e.g. for road-warrior clients), disable it;
# otherwise limit UDP 500/4500 on chain=input to known sources. Also confirm that IKE
# from 31.185.29.2 is matched by the specific peer below and not by this entry.
add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-192,aes-128,3des generate-policy=port-override send-initial-contact=no
# Site-to-site peer for the Cisco ASA: 3DES, DH group modp1024 (group 2), 8 h lifetime,
# NAT-T off, bound to the WAN address. hash-algorithm is not in the export, so it is at
# the RouterOS default (presumably sha1 on v6 - confirm against the ASA IKE policy).
# NOTE(review): modp1024 and 3DES are both legacy choices; move to modp2048 or higher and
# AES when the ASA side can be changed in the same maintenance window.
add address=31.185.29.2/32 comment=ServerParkering dh-group=modp1024 enc-algorithm=3des lifetime=8h local-address=62.101.215.150 nat-traversal=no
/ip ipsec policy
# Policy template consulted by peers with generate-policy set. With 0.0.0.0/0 on both
# sides it places no limit on the subnets a dynamically generated policy may cover.
add dst-address=0.0.0.0/0 src-address=0.0.0.0/0 template=yes
# Tunnel-mode policy for the ASA: LAN 172.21.221.0/24 -> single host 10.239.23.224/32,
# SA endpoints 62.101.215.150 <-> 31.185.29.2, using SP_Proposal.
# NOTE(review): the ASA crypto ACL has to be the exact mirror (host 10.239.23.224 ->
# 172.21.221.0/24). A selector or proposal mismatch would fit the reported symptom of
# phase 1 up with no traffic; verify with "/ip ipsec installed-sa print" that SAs exist
# and that their byte counters move in both directions.
add dst-address=10.239.23.224/32 proposal=SP_Proposal sa-dst-address=31.185.29.2 sa-src-address=62.101.215.150 src-address=172.21.221.0/24 tunnel=yes
# Default route through 62.101.215.149, the other host address in the active
# 62.101.215.148/30 WAN subnet. No dst-address is given, so it is the default route.
/ip route
add distance=1 gateway=62.101.215.149